Lucene search
K

79 matches found

OSV
OSV
added 2023/09/04 12:15 p.m.4 views

CVE-2023-4298

The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2023/08/30 3:15 p.m.4 views

CVE-2023-1982

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00379EPSS
Exploits2References1
OSV
OSV
added 2023/04/24 7:15 p.m.5 views

CVE-2023-0418

The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.7AI score0.00444EPSS
Exploits2References1
OSV
OSV
added 2023/02/21 9:15 a.m.5 views

CVE-2023-0067

The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.00471EPSS
Exploits2References1
OSV
OSV
added 2023/02/21 9:15 a.m.3 views

CVE-2022-4750

The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

5.4CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2023/02/13 3:15 p.m.5 views

CVE-2022-4682

The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00707EPSS
Exploits2References1
OSV
OSV
added 2023/01/23 3:15 p.m.5 views

CVE-2022-4753

The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
OSV
OSV
added 2023/01/23 3:15 p.m.5 views

CVE-2022-4475

The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00534EPSS
Exploits2References1
OSV
OSV
added 2023/01/09 11:15 p.m.3 views

CVE-2022-4393

The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/12/06 12:0 a.m.25 views

Proofpoint Enterprise Protection 跨站脚本漏洞

Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect e-mail. A security vulnerability exists in Proofpoint Enterprise Protection PPS/PoD version 8.19.0 and prior versions, which stems from the Administrator Smart Search feature containing a...

9.6CVSS8.1AI score0.00612EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/10/10 9:15 p.m.1 views

CVE-2022-2448

The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.9AI score0.00506EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/09/19 2:15 p.m.3 views

CVE-2022-2567

The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.005EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/08/08 2:15 p.m.5 views

CVE-2022-2412

The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00493EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.7 views

CVE-2022-1759

The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escap...

5.4CVSS6.1AI score0.00292EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/03/15 12:0 a.m.9 views

PT-2022-2686 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: A flaw was found in Moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. The vulnerability is related to...

9.8CVSS6AI score0.49102EPSS
Exploits2References53
OSV
OSV
added 2021/05/05 7:15 p.m.4 views

CVE-2021-24260

The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

5.4CVSS5.8AI score0.00663EPSS
Exploits1References2
OSV
OSV
added 2021/05/05 7:15 p.m.8 views

CVE-2021-24268

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

5.4CVSS6.1AI score0.0059EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2020/04/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-17231

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues...

6.1CVSS6.4AI score0.01216EPSS
Exploits1References1
CNVD
CNVD
added 2017/09/10 12:0 a.m.6 views

Stored Cross-Site Scripting Vulnerability in PigCMS Sitewide

PigCms also known as Piggy CMS is a multi-user php + mysql based WeChat marketing source code program developed by Hefei Pisan Internet Information Technology Co. PigCMS has a stored cross-site scripting vulnerability throughout the site. After logging into the system, an attacker inserts malicio...

6.3AI score
Exploits0
Rows per page
Query Builder